From ac180970a135e66181161eb13ec3d8e1b627b6d4 Mon Sep 17 00:00:00 2001 From: Harald Eilertsen Date: Tue, 19 Dec 2023 16:34:57 +0100 Subject: Use custom nginx-config, and set composer root --- .ddev/config.yaml | 5 +-- .ddev/nginx_full/nginx-site.conf | 94 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 95 insertions(+), 4 deletions(-) create mode 100644 .ddev/nginx_full/nginx-site.conf diff --git a/.ddev/config.yaml b/.ddev/config.yaml index abf1f85..104fea5 100644 --- a/.ddev/config.yaml +++ b/.ddev/config.yaml @@ -2,6 +2,7 @@ name: hubzilla type: php docroot: "core" +composer_root: "core" php_version: "8.1" webserver_type: nginx-fpm router_http_port: "80" @@ -12,7 +13,3 @@ database: webimage_extra_packages: [php-gd, php-imagick] working_dir: { web: '/var/www/html/core' } nodejs_version: "16" - -hooks: - post-start: - - exec: 'cp .ddev/nginx_full/nginx-hubzilla.conf.example .ddev/nginx_full/nginx-site.conf' diff --git a/.ddev/nginx_full/nginx-site.conf b/.ddev/nginx_full/nginx-site.conf new file mode 100644 index 0000000..29646a7 --- /dev/null +++ b/.ddev/nginx_full/nginx-site.conf @@ -0,0 +1,94 @@ +# ddev nginx config for Hubzilla + +server { + listen 80 default_server; + listen 443 ssl default_server; + + root /var/www/html/core; + + ssl_certificate /etc/ssl/certs/master.crt; + ssl_certificate_key /etc/ssl/certs/master.key; + + include /etc/nginx/monitoring.conf; + + index index.php; + charset utf-8; + + # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html + sendfile off; + error_log /dev/stdout info; + access_log /var/log/nginx/access.log; + + # allow uploads up to 20MB in size + client_max_body_size 20m; + client_body_buffer_size 128k; + + include mime.types; + + # rewrite to front controller as default rule + location / { + # try_files $uri /index.php?q=$uri; + if (!-e $request_filename) { + rewrite ^(.*)$ /index.php?q=$1; + } + } + + # make sure webfinger and other well known services aren't blocked + # by denying dot files and rewrite request to the front controller + location ^~ /.well-known/ { + allow all; + try_files $uri /index.php?q=$uri; + } + + # statically serve these file types when possible + # otherwise fall back to front controller + # allow browser to cache them + # added .htm for advanced source code editor library + location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ { + expires 30d; + try_files $uri /index.php?q=$uri&$args; + } + + # block these file types + location ~* \.(tpl|md|tgz|log|out)$ { + deny all; + } + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # or a unix socket + # pass the PHP scripts to FastCGI server listening on socket + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/run/php-fpm.sock; + fastcgi_buffers 16 16k; + fastcgi_buffer_size 32k; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_intercept_errors off; + # fastcgi_read_timeout should match max_execution_time in php.ini + fastcgi_read_timeout 10m; + fastcgi_param SERVER_NAME $host; + fastcgi_param HTTPS $fcgi_https; + } + + # deny access to all dot files + location ~ /\. { + deny all; + } + + #deny access to store + location ~ /store { + deny all; + } + + #deny access to util + location ~ /util { + deny all; + } + + include /etc/nginx/common.d/*.conf; + include /mnt/ddev_config/nginx/*.conf; +} -- cgit v1.2.3